Ransomware attack seen prompting more cyber cover buys

Posted On: Mar. 26, 2019 7:00 AM CST

Judy Greenwald

Last week’s ransomware attack on Norway’s Norsk Hydro ASA, one of the world’s largest aluminum producers, is likely to generate increased interest by manufacturers in obtaining cyber insurance, which was already raised by 2017’s NotPetya virus, say observers.

Norsk Hydro has insurance to cover the event, according to reports quoting its CEO, although additional details were not immediately available.

“Currently, we do not provide those details. We might do that later, connected to financial, quarterly reporting,” a company spokesman said in a statement.

Norsk Hydro said Monday one of its major divisions was back up to 60% of capacity after the ransomware attack, according to Reuters.

The question is whether the company purchased enough coverage, because some organizations, especially those outside the United States, “may not necessarily purchase robust cyber insurance limits,” said Stephanie Snyder, Chicago-based senior vice president and national sales leader for cyber insurance with Aon PLC.

She pointed to NotPetya, which took down thousands of computers in dozens of countries, disrupting shipping and businesses, as a situation that demonstrated the damage such an attack can cause.

The Norsk Hydro attack is likely to generate increased interest in cyber insurance by the manufacturing sector, experts say.

“We still find that most manufacturers and industrial entities or corporations are not yet buying cyber insurance,” said Max Perkins, Atlanta-based senior vice president for global cyber and technology, global professional and financial risks with Lockton Cos. LLC.

“Many of them have relied on some coverage in the property market over the years, or they have thought the insurance was not necessarily relevant, because cyber has been so focused on data breaches in the past,” he said.

Manufacturers have lagged other sectors in obtaining cyber insurance because they perceived the coverage as primarily dealing with the costs associated with data breaches, so it applied only to companies that collected significant amounts of consumer data, said James Burns, London-based cyber product leader for CFC Underwriting Ltd.

But from a policyholder standpoint, he hopes Norsk Hydro will be a “wake-up call” for the manufacturing industry and alert it to the “potential pitfalls and exposures that exist out there in relation to cyber risk.”

John Farley, New York-based managing director, cyber liability practice, for Arthur J. Gallagher & Co., said, “There is clear evidence that hackers have begun to focus on industries outside of the traditional targets” of retail and financial services, and “manufacturers may not think they are necessarily targets,” but the incident proves the opposite.

There has been a “blurring of the lines” between information technology and the production environment, and incidents such as these “make people realize that exposure and that connectivity could potentially put them at risk,” said Jeff Tilley, New York-based manager of FM Global’s cyber engineering division, who added, “Typically in a production environment, the cybersecurity is a bit weaker.”

Policyholders were already alerted by the NotPetya virus, said Robert Parisi, New York-based managing director and cyber product leader for Marsh LLC.

“I think we’ve seen that over the last two years, there is a growing awareness and a growing concern that this risk is out there,” he said.

However, with news of such an event “you have a sudden bout of self-awareness of people going back and looking to see if they have coverage for a similar event” that lasts until “they find some level of comfort that they can transfer that risk if a similar event happened to them,” Mr. Parisi said.

Ms. Snyder said the incident reflects how important it is for all organizations “to take a very careful look into their supply chain. Here we’re talking about one of the world’s largest aluminum producers, and because there are not so many aluminum producers,” the incident could potentially create business interruption or contingent business interruption losses for downstream companies.

The threat of such an attack has been of ongoing interest to underwriters, experts say. “The cyber markets, by and large, are stepping up to the plate” in providing such coverage, said Mr. Parisi. The markets have “been pretty clear they view this as squarely within their wheelhouse.”

“They are certainly paying attention to the magnitude of this situation. However, they have actually been looking into the concerns related to operational technology since NotPetya happened in 2017,” Mr. Perkins said.

But “I don’t see the insurers overreacting to it, because it’s one isolated incident, and as far as we’re aware right now, they have already been underwriting to the risk and controls around this kind of event,” he said.

Ms. Snyder said, “I don’t see this particular event as shifting the cyber insurance market, which has already seen some hardening along with the overall property/casualty market.”